Document information

Document ID:4655
Subject:Integrating Xeams with a third party anti virus
Creation date:12/14/15 4:35 PM
Last modified on:12/14/15 4:35 PM


Integration with third party anti-virus


Xeams can be configured to work with ClamAV, an open source anti-virus software. This document provides step-by-step instructions. The goal is to run ClamAV in daemon mode. Once this is done, besides running its own anti-virus rules, Xeams will consult with ClamAV in determining if an email contains a virus.

We recommend you run ClamAV on a dedicated Linux machine. We recommend Linux over Windows because it uses less resources and can be trimmed down to exactly what you need it for. In fact, you can run Linux as a Virtual machine either using VMWare or VirtualBox on any host. You can also install ClamAV on the same machine where Xeams is running, if that is what you prefer.

Integration

There are two ways to integrate Clam-AV:
Method 1
  • Download a pre-built virtual machine from here. This VM has Clam-AV pre-installed and configured
  • Login to Xeams' Admin Console as admin
  • Click Clam-AV Integration under Server Configuration
  • Specify the IP Address/Host name of the machine where ClamAV is running and click Save
  • Once values are saved, Xeams will send a test virus to ClamAV, which should be detected if ClamAV is working fine
Method 2
  • Download ClamAV from http://www.clamav.net for your appropriate platform
  • Run ClamAV in daemon mode. Click here for details.
  • Login to Xeams' Admin Console as admin
  • Click Clam-AV Integration under Server Configuration
  • Specify the IP Address/Host name of the machine where ClamAV is running and click Save
  • Once values are saved, Xeams will send a test virus to ClamAV, which should be detected if ClamAV is working fine

Troubleshooting common problems

  • Ensure ClamAV is running in daemon mode
  • If Xeams is able to connect but a test virus is not detected, update virus signatures in ClamAV
  • Ensure a firewall is not blocking communication between Xeams and ClamAV daemon








User comments

Posted by Francois on 6/24/15 9:22 AM

Hi Just installed clamav, and integrated with xeams.. the test work.. but, how to confirm an email was blocked with virus detected ? thanks

Posted by ThyTe on 9/19/16 11:43 AM

Quem estiver com dificuldade de instalar o Clamav Daemon: 1 - aptitude install clamav clamav-daemon libclamav-dev 2 - dpkg-reconfigure clamav-base 3 - "Socket type: TCP " - "TCP port clamd will listen on: 3310" - "IP address clamd will listen on: 127.0.0.1" Para todas as outras perguntas, deixe o padrão!

Posted by Alexander Ch on 8/18/16 2:33 AM

The form doesn't allow me to post the link here, but google it by the title: "Installing ClamAV on Windows Server 2012" . At least it works for me and generally speaking it makes sense. Good luck!

Posted by Tim on 12/18/14 6:36 AM

I have the same issue after following the instructions. ClamAV was installed on the same server as Xeams and Xeams entries point to localhost:3310. But nothing appears in the ClamAV log files and an EICAR test mail just routes into my mailbox. How can we see Xeams tries to connect to ClamAV?

Posted by Graham on 10/16/14 12:10 AM

How can you tell is this is working? Thanks

Posted by Marius on 6/23/15 4:18 AM

Hi, you should reconfigure Clam-AV dpkg-reconfigure clamav-base then select TCP socked insted of unix, select port, address and many other (link that helped me: https://www.howtoforge.com/how-to-integrate-clamav-through-mod_clamav-into-proftpd-for-virus-scanning-on-debian-lenny) After thees steps I added Antivirus thru Xeams web interface (Server Configuration -> Clam-AV Integration), test was successful and in Clam-AV log started to fill with reccords (Tue Jun 23 11:03:46 2015 -> stream(127.0.0.1@1953): Eicar-Test-Signature(44d88612fea8a8f36de82e1278abb02f:68) FOUND) I think now it working correctly. Ubuntu 14.04.

Posted by Richard on 4/25/17 12:34 PM

got this working on SBS2008sp2. I followed info in this thread. http://www.xeams.com/app?operation=forum&st=viewOneArticle&id=3248 The post has a link to blogDOTcampodoroDOTorg/?p=269 This is a setup guide for another client, but works for Xeams. My only issue was downloads. Had to manually download and put in the db folder, then restart the service.

Posted by Richard on 4/25/17 12:35 PM

got this working on SBS2008sp2. I followed info in this thread. http://www.xeams.com/app?operation=forum&st=viewOneArticle&id=3248 The post has a link to blogDOTcampodoroDOTorg/?p=269 This is a setup guide for another client, but works for Xeams. My only issue was downloads. Had to manually download and put in the db folder, then restart the service.

Posted by Nat O'Brien on 11/30/15 6:27 AM

I've correctly configured clams and it's updating, Xeams connects to it but virus's are still getting through. /var/log/clamav/clamav.log shows that Xeams is making connections but doesn't appear to actually stop any virus's. Xeams interface test confirms it's all OK. Not really prepared to buy a product that can't stop anything other than test viruses.

Posted by Henry on 4/3/14 8:24 AM

dont NOT work for me.... clamAVHost is 127.0.0.1 telnet 127.0.0.1 3310 is working Xeams do NOT check files with clamav..?! ans idea regards

Posted by zac on 9/2/15 5:05 PM

Same problem . connecting to clamd but no successful virus test in Xeams. all freshclam signatures updates. Did all config in clamav as well. Any other ideas??? Thanks


Add a comment to this document

Do you have a helpful tip related to this document that you'd like to share with other users? Please add it below. Your name and tip will appear at the end of the document text.
Your name:
Your email:
Hide my email address
Verification code:
Enter the verification code you see above more submitting your tip
Tip:Please limit tips to 1000 characters